Add key_wrapper method, load keys on pool reimport

Zach Dykstra 2019-12-24 13:14:40 -06:00
parent 937cb59ab0
commit 747a197dea
3 changed files with 53 additions and 24 deletions


@ -150,6 +150,12 @@ kexec_kernel() {
umount_zfs ${fs}
# Export if read-write, to ensure a clean pool
pool="${selected%%/*}"
if [ "$( zpool get -H -o value readonly ${pool} )" = "off" ]; then
export_pool "${pool}"
fi
kexec -e -i
}
@ -179,16 +185,23 @@ clone_snapshot() {
ret=$?
if [ $ret -eq 0 ]; then
if output=$( find_be_kernels "${target}" "${BASE_MOUNT}" ); then
echo "${target}" >> ${BASE}/env
return 0
key_wrapper "${target}"
if [ $? -eq 0 ]; then
if output=$( find_be_kernels "${target}" "${BASE_MOUNT}" ); then
echo "${target}" >> ${BASE}/env
return 0
else
# No kernels were found
return 1
fi
else
# keys were needed, but not loaded
return 1
fi
else
# Clone failed
return $ret
fi
}
# arg1: ZFS filesystem
@ -206,6 +219,7 @@ find_be_kernels() {
# Check if /boot even exists in the environment
mount_zfs "${fs}" "${mnt}"
if [ ! -d "${mnt}/boot" ]; then
umount_zfs "${fs}"
return
@ -371,11 +385,11 @@ be_key_status() {
load_key() {
local encroot ret key keyformat keylocation
encroot="${1}"
tput clear
tput cup 0 0
keylocation="$( zfs get -H -o value keylocation ${encroot} )"
if [ "${keylocation}" = "prompt" ]; then
tput clear
tput cup 0 0
zfs load-key -L prompt ${encroot}
ret=$?
else
@ -385,6 +399,8 @@ load_key() {
zfs load-key ${encroot}
ret=$?
elif [ "${keyformat}" = "passphrase" ]; then
tput clear
tput cup 0 0
zfs load-key -L prompt ${encroot}
ret=$?
fi
@ -393,6 +409,27 @@ load_key() {
return ${ret}
}
# arg1: ZFS filesystem
# prints: nothing
# returns 0 on success, 1 on failure
key_wrapper() {
local encroot fs ret
fs="${1}"
ret=0
encroot="$( be_key_needed ${fs})"
if [ $? -eq 1 ]; then
if be_key_status ${encroot} ; then
if ! load_key ${encroot} ; then
ret=1
fi
fi
fi
return ${ret}
}
# arg1: message
# prints: nothing
# returns: nothing
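Review bot: In the new key_wrapper, only an exit status of exactly 1 from be_key_needed leads to a key load; any other status, including an unexpected error, falls through with `ret=0`, so callers such as clone_snapshot continue as if the key were available. be_key_needed's body is not shown on this page, so if it can fail in other ways the wrapper should report that as failure rather than success. The header comment should state the full contract, for example `# returns: 0 if no key is needed, the key is already loaded or load_key succeeded; 1 if load_key failed`. The expansions `${fs}` and `${encroot}` are also unquoted in the calls to be_key_needed, be_key_status and load_key; quoting them (`be_key_needed "${fs}"`) keeps a dataset name from being word-split.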


@ -26,6 +26,12 @@ else
import_args="-o readonly=on -N"
fi
# Import pools by default in read-write mode
if getargbool 0 read_write ; then
info "ZFSBootMenu: Enabling read-write ZFS pool import"
import_args="${import_args/readonly=on/readonly=off}"
fi
# Set a menu timeout, to allow immediate booting
menu_timeout=$( getarg timeout=)
if [ -n "${menu_timeout}" ]; then
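Review bot: The added comment `# Import pools by default in read-write mode` says the opposite of what the block does: the visible default is `import_args="-o readonly=on -N"`, and the pool is imported read-write only when the `read_write` argument is set. Suggest `# Import pools read-write only when read_write is set; the default stays read-only`. The substitution on `readonly=on` is also a silent no-op if the branch before the `else` (outside this hunk) builds `import_args` without that string, so the info message could announce read-write import when nothing changed; worth confirming against that branch.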


@ -124,13 +124,8 @@ if [[ ! -z "${BOOTFS}" ]]; then
# Boot up if we timed out, or if the enter key was pressed
if [[ ${fast_boot} -eq 1 || $i -eq 0 ]]; then
encroot="$( be_key_needed ${BOOTFS})"
if [ $? -eq 1 ]; then
if be_key_status ${encroot} ; then
if ! load_key ${encroot} ; then
emergency_shell "unable to load required key for ${encroot}"
fi
fi
if ! key_wrapper "${encroot}" ; then
emergency_shell "unable to load required key for ${encroot}"
fi
# Generate a list of valid kernels for our bootfs
@ -150,22 +145,14 @@ fi
# Find any filesystems that mount to /, see if there are any kernels present
for FS in $( zfs list -H -o name,mountpoint | grep -E "/$" | cut -f1 ); do
encroot="$( be_key_needed ${FS})"
# Encryption key is needed
if [ $? -eq 1 ]; then
if be_key_status ${encroot} ; then
# Key is not loaded
if ! load_key ${encroot} ; then
continue
fi
fi
if ! key_wrapper "${encroot}" ; then
continue
fi
# Check for kernels under the mountpoint, add to our BE list
if output=$( find_be_kernels "${FS}" "${BASE_MOUNT}" ); then
echo ${FS} >> ${BASE}/env
fi
done
if [ ! -f ${BASE}/env ]; then
@ -208,7 +195,6 @@ while true; do
selected_snap="$( draw_snapshots ${selected_be} )"
ret=$?
if [ $ret -eq 130 ]; then
BE_SELECTED=0
elif [ $ret -eq 0 ] ; then
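Review bot: Both new call sites pass `${encroot}` to key_wrapper, but the wrapper is documented as taking a ZFS filesystem and resolves the encryption root itself through be_key_needed. The hunk line counts suggest the `encroot="$( be_key_needed ... )"` assignments are among the removed lines, in which case `${encroot}` is empty or stale at these calls and the key check may be skipped for the boot environment being examined. Pass the filesystem instead: `if ! key_wrapper "${BOOTFS}" ; then` in the fast-boot branch and `if ! key_wrapper "${FS}" ; then` in the `for FS` loop, and use the same variable in the emergency_shell message. The rendered page lost its +/- markers, so confirm which lines were removed against the raw diff.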